diff options
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/pages/admin_news.php | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php new file mode 100644 index 00000000..2c6e1f45 --- /dev/null +++ b/includes/pages/admin_news.php @@ -0,0 +1,87 @@ +<?php +function admin_news() { + global $user; + + if (!isset ($_GET["action"])) { + header("Location: " . page_link_to("news")); + } else { + $html = ""; + switch ($_GET["action"]) { + case 'edit' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + $html .= '<a href="' . page_link_to("news") . '">« Back</a>'; + + $html .= "<form action=\"" . page_link_to("admin_news") . "&action=save\" method=\"post\">\n"; + + $html .= "<table>\n"; + $html .= " <tr><td>Datum</td><td>" . + date("Y-m-d H:i", $news['Datum']) . "</td></tr>\n"; + $html .= " <tr><td>Betreff</td><td><input type=\"text\" size=\"40\" name=\"eBetreff\" value=\"" . + $news["Betreff"] . "\"></td></tr>\n"; + $html .= " <tr><td>Text</td><td><textarea rows=\"10\" cols=\"80\" name=\"eText\">" . + $news["Text"] . "</textarea></td></tr>\n"; + $html .= " <tr><td>Engel</td><td>" . + UID2Nick($news["UID"]) . "</td></tr>\n"; + $html .= " <tr><td>Treffen</td><td>" . html_select_key('eTreffen', array ( + '1' => "Ja", + '0' => "Nein" + ), $news['Treffen']) . "</td></tr>\n"; + $html .= "</table>"; + + $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; + $html .= "<input type=\"submit\" name=\"submit\" value=\"Speichern\">\n"; + $html .= "</form>"; + + $html .= "<form action=\"" . page_link_to("admin_news") . "&action=delete\" method=\"POST\">\n"; + $html .= "<input type=\"hidden\" name=\"id\" value=\"" . $id . "\">\n"; + $html .= "<input type=\"submit\" name=\"submit\" value=\"Löschen\">\n"; + $html .= "</form>"; + } else + return error("No News found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . + "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + } + } + return $html; +} +?>
\ No newline at end of file |